Course info

Rating

(49)

Level

Intermediate

Updated

Aug 30, 2016

Duration

2h 3m

Description

365体育足球Bugs in software can be very expensive issues that can arise from not thoroughly testing and re-testing your code. In this course, Security for Hackers and Developers: Code Auditing, you will learn about manual code pentesting and all about how a professional code auditor finds bugs in code. You'll mainly be focusing on C/C++, but the high level ideas apply to all languages. By going deep into the weeds on C and C++ code, learners will appreciate the depth and experience required to audit this and any language code. First you'll learn about code auditing tools and techniques, as well has why memory corruption happens and how to prevent it. Then you'll learn all about the newer bug types such as use-after-free, type confusion, and kernel double fetch. You'll wrap up the course by learning about the real-world vulnerabilities like Heartbleed and other critical browser bugs. By the end this course, you'll know how to audit code with confidence. You'll know how to spot bugs, understand why they're important, and architect modern protections.

About the author

365体育足球Dr. Jared DeMott is the founder of the security company, Vulnerability Discovery & Analysis (VDA) Labs. DeMott is a former NSA security analyst, Microsoft BlueHat Prize winner, and was the CTO and Binary Defense. He's frequently quoted in media, and invited to speak at security events.

Section Introduction Transcripts

Course Overview365体育足球Hi everyone. My name is Dr. DeMott and welcome to my course on code auditing. This is the second class in the application security for hackers and developers learning path. I'm the CTO of Binary Defense Systems and founder of VDA Labs Training. I'm a long-time security researcher, vulnerability, malware, and code-auditing expert. I love teaching and mentoring, and I'm happy to bring you another exciting class. Did you know that bugs in software costs the economy billions of dollars a year? In this course, we're going to turn the tide as we explain how to find and fix critical bugs quicker. By going deep into the weeds on C and C++ code, learners will appreciate the depth and experience required to audit this and any language. We cover topics such as a language review and code auditing tools and techniques; memory corruption, why it happens, and how to prevent it; newer bug types, such as use-after-free, type confusions, and colonel double-dutch; real-world vulnerability examples, like Heartbleed and critical browser bugs. By the end of this course, you'll know how to audit code with confidence. You'll know how to spot bugs, understand why they're important, and architect modern protections. Before beginning the course, you should take the first class in the series called Security for Hackers and Developers: Overview. After completing this course, you should feel comfortable moving on to upcoming courses on Fuzzing, Reverse Engineering, Exploit Development. I hope you'll join me on this journey towards safer code with the Security for Hackers and Developers Code Auditing Course at Pluralsight.